At 10:57 -0500 28 Nov 2011, Alan Porter <porter at trilug.org> wrote:
>You may also want to look at how pilot is configured.
>The postfix config files should be readable by all.

I've now taken a look at the postfix config on pilot, and I see that the
submission service isn't set up how it's supposed to be. The policy for
it is the same as for port 25, allowing unauthenticated clients to send
messages to any address served by pilot.

The main point of using a separate port for message submission is that
it should only accept messages from permitted clients, preferably by
authenticating the client although allowing a local network should also
be acceptable in some cases. This allows ISPs to filter connections to
port 25 from their client network to prevent their customers' computers
from being used to relay spam bypassing mail servers that would be
better able to detect that pattern of abuse.

By allowing unauthenticated messages to be delivered via port 587, this
protection is somewhat reduced. It isn't completely eliminated since I
doubt if much spamming software would actually try to deliver this way,
but if this misconfiguration becomes common the likelihood of that would
increase. It also doesn't really help anybody trying to run a
legitimate mail server from behind such a filter, since they're unlikely
to try this type of delivery even if it were to become commonly allowed.

It should be simple to fix the config on pilot by adding

    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

to the configuration of the submission service in master.cf. It may be
desirable to include permit_mynetworks in there as well, but I doubt
that it would be necessary.

I also noticed that the unix-domain smtp service is defined twice in
master.cf, the first time with chroot disabled, the second time with
chroot allowed which appears to be the normal configuration for that.
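
Added example, not part of the original message and not TriLUG's own tooling: a small Python check that reads master.cf text and reports the two conditions described above, a submission service lacking the proposed smtpd_recipient_restrictions override and a service defined more than once. The sample file is constructed, the function names are hypothetical, and only the override named in the message is examined.

```python
import shlex
from collections import defaultdict

# Constructed sample reproducing the two problems described in the message
# (not the actual master.cf from pilot).
SAMPLE_MASTER_CF = """\
# service  type  private unpriv chroot wakeup maxproc command + args
smtp       inet  n       -      -      -      -       smtpd
submission inet  n       -      -      -      -       smtpd
  -o smtpd_tls_security_level=may
smtp       unix  -       -      n      -      -       smtp
smtp       unix  -       -      -      -      -       smtp
"""
ALLOWED_PERMITS = {"permit_sasl_authenticated", "permit_mynetworks"}

def parse_master_cf(text):
    """Parse master.cf text into service dicts, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    services = []
    for f in map(shlex.split, logical):
        if len(f) < 8:
            continue                              # not a complete service entry
        args = f[8:]
        # Only the "-o name=value" form is handled, not "-o { name = value }".
        opts = dict(b.split("=", 1) for a, b in zip(args, args[1:])
                    if a == "-o" and "=" in b)
        services.append({"name": f[0], "type": f[1], "chroot": f[4], "opts": opts})
    return services

def audit(text):
    """Return findings for an open submission service and duplicate entries."""
    findings, seen = [], defaultdict(list)
    for s in parse_master_cf(text):
        seen[(s["name"], s["type"])].append(s["chroot"])
        if s["type"] == "inet" and s["name"].rsplit(":", 1)[-1] in ("submission", "587"):
            rules = s["opts"].get("smtpd_recipient_restrictions", "").replace(",", " ").split()
            # Conservative: require SASL permit, final reject, no other permit/check rules.
            ok = ("permit_sasl_authenticated" in rules and rules[-1] == "reject"
                  and all(r in ALLOWED_PERMITS or r.startswith("reject") for r in rules))
            if not ok:
                findings.append(f"{s['name']}: recipient restrictions not limited to permitted clients")
    for (name, typ), chroots in seen.items():
        if len(chroots) > 1:
            findings.append(f"{name}/{typ}: defined {len(chroots)} times, chroot={chroots}")
    return findings
```
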